The UK government demanded that Apple break its encryption. Apple has finally responded by pulling that security feature for residents.
Earlier this month, the UK government stepped up the war on encryption by demanding that Apple break its encryption. The moment represented a resurfacing of the off again, on again war on security and encryption. In this case, the UK government was demanding that Apple compromise its security by installing a backdoor.
Security opponents in this debate argue that their demands aren’t that big of an ask. They say that all they are asking for is a backdoor that only the “good guys” can use. So, all the large companies have to do is nerd harder so that it can happen. Supporters of security have long pointed out that this is asking the impossible. You can’t create a backdoor for only the “good guys” while keeping out the “bad guys”. All you are doing is weakening and breaking the security feature.
If there was any doubts about the position of security experts, those doubts were erased back in October of last year when AT&T’s wiretap system for “good guys” only was compromised by Chinese hackers for an unknown, but presumably long, period of time. Specifically, this targeted the AT&T wiretap system for law enforcement, allowing Chinese hackers to gain a scary amount of access into people’s personal lives. It’s otherwise known as the Salt Typhoon hack.
Yet, despite logic, reason, and history on the side of security experts, security opponents continue to insist that all encryption must be broken anyway, compromising the security of users everywhere. With the demands by the UK government on Apple, there was a lot of concern with some calling it a security crisis unfolding. Yet, despite the high stakes, Apple didn’t appear to be saying which way they planned on responding to the situation.
Today, we are learning that Apple has finally more or less broken their silence on this latest fight over security. The company said that it would simply be ending it’s security feature for UK residents altogether. From the BBC:
Apple is taking the unprecedented step of removing its highest level data security tool from customers in the UK, after the government demanded access to user data.
Advanced Data Protection (ADP) means only account holders can view items such as photos or documents they have stored online through a process known as end-to-end encryption.
But earlier this month the UK government asked for the right to see the data, which currently not even Apple can access.
Apple did not comment at the time but has consistently opposed creating a “backdoor” in its encryption service, arguing that if it did so, it would only be a matter of time before bad actors also found a way in.
Now the tech giant has decided it will no longer be possible to activate ADP in the UK.
It means eventually not all UK customer data stored on iCloud – Apple’s cloud storage service – will be fully encrypted.
Data with standard encryption is accessible by Apple and shareable with law enforcement, if they have a warrant.
The Home Office told the BBC: “We do not comment on operational matters, including for example confirming or denying the existence of any such notices.”
In a statement Apple said it was “gravely disappointed” that the security feature would no longer be available to British customers.
“As we have said many times before, we have never built a backdoor or master key to any of our products, and we never will,” it continued.
This is, honestly, a pretty reasonable move on Apple’s part. After all, they were being asked to compromise the security of users globally. That is not likely to be a move that they would have liked to be making. This latest move shows that they still are willing to put their foot down to protect their users via its encryption services. So, they pulled their service for UK residents to ensure that this happens. As a result, it’s unclear if the UK can pursue the matter further since the users using such services are not in the UK.
The pitfall here, of course, is the fact that UK residents will no longer have Apple as a security service in this regard. As a result, they will have to look elsewhere for their security needs in that area. Luckily, there are other services out there being offered internationally, but still, any change is going to be a pain at minimum. One example for encrypted cloud storage that comes to mind is Mega, though there are probably other services out there that might offer such services.
At any rate, the UK governments moves have left their own citizens more vulnerable as a result of their actions. It was a bad move no matter how you slice it. Now, UK residents are paying the price for this huge misstep on the governments part.
Some people might draw the conclusion that if more countries do this sort of thing, then it would force “Big Tech” to finally bend to their will and compromise their security for users. This thinking is flawed because it’s more than possible for other companies to start building their own business in other countries, providing the security services once provided by the larger companies. All you’re really doing is offshoring those types of services, making it harder to, say, have law enforcement serve warrants. It’s really a case of the government shooting themselves in the foot in the process. This as ordinary citizens pay the price for these bad decisions. No matter ho your slice it, it’s a bad situation all around.
